bps-arq-ajax.js – 403 error

Home Forums BulletProof Security Pro bps-arq-ajax.js – 403 error

This topic contains 12 replies, has 4 voices, and was last updated by  Qtwix 9 months ago.

Viewing 13 posts - 1 through 13 (of 13 total)
  • Author
    Posts
  • #30895

    Max
    Participant

    Hi there

    I used WP Duplicator to clone a site. I can highly recommend. It basically downloads all files and the db and then uploads files and restores in a new db. I wanted to move one site to another host (different company).

    I did NOT disable or tinker with BPS before starting the clone/copy process. I only disabled ARQ.

    After the import/setup of the new site, it works fine but BPS causes a BPS error with bps-arq-ajax.js

    Moreover the AIT BPS Pro Menu items that line up next, are not stacked top down. That wasn’t the case before.

    [403 GET Request: 10. September 2016 - 10:56]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: xxx.xxx.xxx.xxx
    Host Name: ip-xxx-xxx-xxx-xxx.local
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: xxx.xxx.xxx.xxx
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.site.ch/wp-admin/
    REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=12.3
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.101 Safari/537.36
    #30898

    AITpro Admin
    Keymaster

    This particular error has to do with WP AJAX and logging into your site as a non-admin.  ie if a Subscriber logs into you site then this particular WP AJAX error will be generated, which is fine and just sort of a nuisance thing that will be fixed in the next BPS version.  So is there another issue/problem going on?  Seems like you are saying everything is ok and you just noticed this particular error correct?

    #30900

    Max
    Participant

    I am admin. The published site (only a test site) works fine.

    The wp-admin section takes up to 60s to load.

    Using query manager I identifed that all update-checks (including built in) cause a delay of 3-5s encountering “cURL error 28: Resolving timed out” e.g. https://api.wordpress.org/plugins/update-check/1.1/

    This has probably nothing to do with BPS but with duplicating/migrating or moving/coping wp_config from a VPS to a shared host. I am investigating.

    #30904

    AITpro Admin
    Keymaster

    Yep, this is not a BPS error message.  BPS only uses cURL when running the Setup Wizard or using the cURL Scan Pro-Tool.  When I google this search term:  “cURL error 28: Resolving timed out” I see several possible general solutions.  So probably you want to do standard WordPress troubleshooting steps.  ie deactivate plugins and switch your theme temporarily.

    #30926

    Max
    Participant

    I have more of those BPS js errors. Wich module is causing the error?

    HTTP_REFERER: http://www.mysite.com/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fsecurity-log%2Fsecurity-log.php
    REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-ui-tabs.js?ver=12.3
    HTTP_REFERER: http://www.mysite.com/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fsecurity-log%2Fsecurity-log.php
    REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-ui-dialog.js?ver=12.3
    QUERY_STRING:
    HTTP_REFERER: http://www.mysite.com/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fsecurity-log%2Fsecurity-log.php
    REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-ui-accordion.js?ver=12.3
    QUERY_STRING:

    etc.

    #30930

    AITpro Admin
    Keymaster

    hmm then maybe what is going on is a combo problem like something is interfering with the BPS Pro Plugin Firewall, which is then causing errors/other things to break.  I took a look at this site:  http://www.site.ch/ in the first Security Log entry you posted, but it does not appear to be a WordPress site when I look at the Source Code of your home page.  So post a link to the WP site that is having problems so I can look at the frontend Source Code for some clues.  Do BPS Pro troubleshooting step #3:  http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting and let me know if the errors go away

    #34333

    Qtwix
    Participant

    Hi,

    I have the same issue on all my sites where I’ve installed BPS Pro. I get a huge amount of log messages like:

    [403 GET Request: Oktober 18, 2017 - 8:33]
    BPS Pro: 13.3.3
    WP: 4.8.2
    Event Code: PFWR-PSBR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 194.230.159.162
    Host Name: 194.230.159.162
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://fclandquart.ch/wp-admin/
    REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=13.3.3
    QUERY_STRING: ver=13.3.3
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
    
    [403 GET Request: Oktober 18, 2017 - 8:33]
    BPS Pro: 13.3.3
    WP: 4.8.2
    Event Code: PFWR-PSBR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 194.230.159.162
    Host Name: 194.230.159.162
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://fclandquart.ch/wp-admin/edit.php?post_type=page
    REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=13.3.3
    QUERY_STRING: ver=13.3.3
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
    
    [403 GET Request: Oktober 18, 2017 - 8:33]
    BPS Pro: 13.3.3
    WP: 4.8.2
    Event Code: PFWR-PSBR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 194.230.159.162
    Host Name: 194.230.159.162
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://fclandquart.ch/wp-admin/post.php?post=101&action=edit
    REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=13.3.3
    QUERY_STRING: ver=13.3.3
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

    Any idea why BPS Pro is blocking it’s own script?

    Thanks

    #34336

    AITpro Admin
    Keymaster

    @ Qtwix – I checked your site and see that it is being minified by LiteSpeed Cache.  Frontend minification breaks the Plugin Firewall so it is possible, but not likely, that somehow this is also affecting your wp-admin backend area.  Try BPS Pro troubleshooting step #3 > https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting to check if the problem has something to do with the BPS Pro Plugin Firewall.  Let me know what happens after deactivating the BPS Pro Plugin Firewall.

    #34341

    Qtwix
    Participant

    I think you are right. It has something to do with the PFW. However, it’s not the LightSpeed Cache, as I have the same issue with other sites too, running on an apache without any caching or minifying plugin. Yesterday, I manually updated the plugins script|file whitelist with bulk Regex (.*) wildcard rules for each plugin to make sure, nothing gets accidentally blocked by the PFW. So far I did not get any more of this kind of issue anymore. I already had the impression, that the issue happened if something got blocked, but I was not able to reliably make it out. But if I remove a script from the whitelist, I can reproduce the issue. I think I’ll keep it for now and in case I’ll get more errors of this kind, I’ll get back to this topic…

    Thanks!

    #34384

    Rafael Da Costa
    Participant

    I am having the same problem. I am not using any cache plugin yet but using a membership plugin.

    I’ve tried ” BPS Pro troubleshooting step #3 > https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting to check if the problem has something to do with the BPS Pro Plugin Firewall.”

    I’ve tried the Plugin Firewall Test Mode and done everything that could be done on the website. Auto pilot is on w/ Cron check every 1 minute.

    I also tried white list “bulletproof-security/admin/(.*).js” AND of-course the system did not let me 😐

    The “java” user agent has already been removed from the “CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS

    I need to make this website live next week, thus my last resource was to contact you.

    Hope you can help

    Thanks

    Ra

    #34385

    AITpro Admin
    Keymaster

    @ Rafael Da Costa – Try these Plugin Firewall fix steps > https://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/ > “Reset|Clear The Plugin Firewall (fixes most if not all Plugin Firewall issues/problems)”.  Since you mentioned this site is still in development then if you are using a Maintenance Mode plugin then there are several of them that break the Plugin Firewall.  Typically you want to leave the Plugin Firewall turned Off when you are developing a website or temporarily turn Off whichever Maintenance Mode plugin you are using, run PFW Test Mode to get all Plugin Firewall whitelist rules and then turn it Off again until the site goes live.

    #34388

    Rafael Da Costa
    Participant

    I’ve tried the “Reset|Clear The Plugin Firewall” before and did not work – I am gonna turn the firewall off until its 100% finish and live.

    Thanks

    #34389

    Qtwix
    Participant

    Just want to let you know:

    After whitelisting all the plugin scripts with Regex, the issue is definitively gone. I didn’t get this error anymore. I think the reason was that the AutoPilot was not able to update the whitelist rules for some reason (WAF/ModSecurity or not) and then, BPS Pro was blocking a script which actually should have been whitelisted which seems to have caused this error in some way.

    @Rafael Da Costa: You have to whitelist all your plugin scripts including the leading slash (but not the BPS Pro plugin) e.g.:
    /contact-form-7/includes/js/(.*).js

Viewing 13 posts - 1 through 13 (of 13 total)

You must be logged in to reply to this topic.